Spaces:
Configuration error
Configuration error
| title: Sandbox CLI | |
| summary: "Manage sandbox containers and inspect effective sandbox policy" | |
| read_when: "You are managing sandbox containers or debugging sandbox/tool-policy behavior." | |
| status: active | |
| # Sandbox CLI | |
| Manage Docker-based sandbox containers for isolated agent execution. | |
| ## Overview | |
| Moltbot can run agents in isolated Docker containers for security. The `sandbox` commands help you manage these containers, especially after updates or configuration changes. | |
| ## Commands | |
| ### `moltbot sandbox explain` | |
| Inspect the **effective** sandbox mode/scope/workspace access, sandbox tool policy, and elevated gates (with fix-it config key paths). | |
| ```bash | |
| moltbot sandbox explain | |
| moltbot sandbox explain --session agent:main:main | |
| moltbot sandbox explain --agent work | |
| moltbot sandbox explain --json | |
| ``` | |
| ### `moltbot sandbox list` | |
| List all sandbox containers with their status and configuration. | |
| ```bash | |
| moltbot sandbox list | |
| moltbot sandbox list --browser # List only browser containers | |
| moltbot sandbox list --json # JSON output | |
| ``` | |
| **Output includes:** | |
| - Container name and status (running/stopped) | |
| - Docker image and whether it matches config | |
| - Age (time since creation) | |
| - Idle time (time since last use) | |
| - Associated session/agent | |
| ### `moltbot sandbox recreate` | |
| Remove sandbox containers to force recreation with updated images/config. | |
| ```bash | |
| moltbot sandbox recreate --all # Recreate all containers | |
| moltbot sandbox recreate --session main # Specific session | |
| moltbot sandbox recreate --agent mybot # Specific agent | |
| moltbot sandbox recreate --browser # Only browser containers | |
| moltbot sandbox recreate --all --force # Skip confirmation | |
| ``` | |
| **Options:** | |
| - `--all`: Recreate all sandbox containers | |
| - `--session <key>`: Recreate container for specific session | |
| - `--agent <id>`: Recreate containers for specific agent | |
| - `--browser`: Only recreate browser containers | |
| - `--force`: Skip confirmation prompt | |
| **Important:** Containers are automatically recreated when the agent is next used. | |
| ## Use Cases | |
| ### After updating Docker images | |
| ```bash | |
| # Pull new image | |
| docker pull moltbot-sandbox:latest | |
| docker tag moltbot-sandbox:latest moltbot-sandbox:bookworm-slim | |
| # Update config to use new image | |
| # Edit config: agents.defaults.sandbox.docker.image (or agents.list[].sandbox.docker.image) | |
| # Recreate containers | |
| moltbot sandbox recreate --all | |
| ``` | |
| ### After changing sandbox configuration | |
| ```bash | |
| # Edit config: agents.defaults.sandbox.* (or agents.list[].sandbox.*) | |
| # Recreate to apply new config | |
| moltbot sandbox recreate --all | |
| ``` | |
| ### After changing setupCommand | |
| ```bash | |
| moltbot sandbox recreate --all | |
| # or just one agent: | |
| moltbot sandbox recreate --agent family | |
| ``` | |
| ### For a specific agent only | |
| ```bash | |
| # Update only one agent's containers | |
| moltbot sandbox recreate --agent alfred | |
| ``` | |
| ## Why is this needed? | |
| **Problem:** When you update sandbox Docker images or configuration: | |
| - Existing containers continue running with old settings | |
| - Containers are only pruned after 24h of inactivity | |
| - Regularly-used agents keep old containers running indefinitely | |
| **Solution:** Use `moltbot sandbox recreate` to force removal of old containers. They'll be recreated automatically with current settings when next needed. | |
| Tip: prefer `moltbot sandbox recreate` over manual `docker rm`. It uses the | |
| Gateway’s container naming and avoids mismatches when scope/session keys change. | |
| ## Configuration | |
| Sandbox settings live in `~/.clawdbot/moltbot.json` under `agents.defaults.sandbox` (per-agent overrides go in `agents.list[].sandbox`): | |
| ```jsonc | |
| { | |
| "agents": { | |
| "defaults": { | |
| "sandbox": { | |
| "mode": "all", // off, non-main, all | |
| "scope": "agent", // session, agent, shared | |
| "docker": { | |
| "image": "moltbot-sandbox:bookworm-slim", | |
| "containerPrefix": "moltbot-sbx-" | |
| // ... more Docker options | |
| }, | |
| "prune": { | |
| "idleHours": 24, // Auto-prune after 24h idle | |
| "maxAgeDays": 7 // Auto-prune after 7 days | |
| } | |
| } | |
| } | |
| } | |
| } | |
| ``` | |
| ## See Also | |
| - [Sandbox Documentation](/gateway/sandboxing) | |
| - [Agent Configuration](/concepts/agent-workspace) | |
| - [Doctor Command](/gateway/doctor) - Check sandbox setup | |